Search

Search Results (366805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5629 1 Ntt-bp 1 Japan Connected-free Wi-fi 2025-04-12 N/A
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5630 1 Ntt-bp 1 Japan Connected-free Wi-fi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
CVE-2015-5633 1 Newphoria Corporation 1 Auction Camera 2025-04-12 N/A
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5634 1 Newphoria Corporation 1 Megaphone Music 2025-04-12 N/A
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5635 1 Newphoria Corporation 1 Koritore 2025-04-12 N/A
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5636 1 Newphoria Corporation 1 Reversi 2025-04-12 N/A
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5637 1 Newphoria Corporation 1 1.1 2025-04-12 N/A
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5638 1 Dena 1 H20 2025-04-12 N/A
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
CVE-2015-5640 1 Basercms 1 Basercms 2025-04-12 N/A
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
CVE-2015-5641 1 Basercms 1 Basercms 2025-04-12 N/A
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5643 1 Icz 1 Matchasns 2025-04-12 N/A
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5644 1 Icz 1 Matchasns 2025-04-12 N/A
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5645 1 Icz 1 Matchasns 2025-04-12 N/A
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.
CVE-2015-5646 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
CVE-2015-5647 1 Cybozu 1 Garoon 2025-04-12 N/A
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
CVE-2015-5648 1 Loenshotel 1 Phprechnung 2025-04-12 N/A
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5649 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
CVE-2015-5650 1 Ajaxplorer 1 Ajaxplorer 2025-04-12 N/A
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-5651 1 Dotclear 1 Dotclear 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5653 1 Canarylabs 1 Trendweb 2025-04-12 N/A
Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet.